That is the statement I assumed. I still receive a syntax error. It seems to me it is due to a strange join (thanks beth). I wanted to post to see if anyone had any advanced ideas on syntax....
Also I read the ngssoftware paper. I really enjoyed it. There is another paper I found by Kevin Spett @ SPI Dynamics that is good as well. S_I --- [EMAIL PROTECTED] wrote: > From the following: > vulnerable.asp?g=1; > > Error Type: > Microsoft OLE DB Provider for ODBC Drivers > (0x80040E14) > [Microsoft][ODBC SQL Server Driver][SQL > Server]Incorrect syntax near the keyword 'order'. > > you can assume that the sql statement is of the > form: (nice and generic) > > select A from B where C order by D > > you are inseting into C in this example. what you > need to do is provide > something like: > > g=1; select * from sysobjects-- > > note the single line comment at the end (--), this > is necessary to prevent > the "order" clause being executed out of context in > our inserted query. > > There were some good papers on this... can only > remember > www.ngssoftware.com off the top of my head. > > > __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
